System robots #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main and Pull Request Pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| tags: | |
| - "v*.*.*" | |
| pull_request: | |
| paths-ignore: | |
| - "*.md" | |
| - "assets/**" | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Generate Document | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: run-doc export --path=doc | |
| - name: Check for changes | |
| run: | | |
| # Check if any docs have been modified | |
| changed_files=$(git ls-files --others --modified --deleted --exclude-standard) | |
| # If there are files changed, fail the workflow | |
| if [ -n "$changed_files" ]; then | |
| echo "file changes found" | |
| echo "please check if docs were added for new commands or updated for new commands" | |
| echo "$changed_files" | |
| exit 1 # This will fail the workflow | |
| else | |
| echo "No file changes found." | |
| fi | |
| continue-on-error: false | |
| - name: Run Dagger golangci-lint | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: lint-report export --path=golangci-lint.report | |
| - name: Generate lint summary | |
| run: | | |
| echo "<h2> 📝 Lint results</h2>" >> $GITHUB_STEP_SUMMARY | |
| cat golangci-lint.report >> $GITHUB_STEP_SUMMARY | |
| # Check if the lint report contains any content (error or issues) | |
| if [ -s golangci-lint.report ]; then | |
| # If the file contains content, output an error message and exit with code 1 | |
| echo "⚠️ Linting issues found!" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| # - uses: reviewdog/action-setup@v1 | |
| # - name: Run Reviewdog | |
| # env: | |
| # REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # run: | | |
| # reviewdog -f=sarif -name="Golang Linter Report" -reporter=github-check -filter-mode nofilter -fail-level any -tee < golangci-lint-report.sarif | |
| vulnerability-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Run Vulnerability Check | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: vulnerability-check-report export --path=vulnerability-check.report | |
| - name: Generate vulnerability summary | |
| run: | | |
| echo "<h2> 🔒 Vulnerability Check Results</h2>" >> $GITHUB_STEP_SUMMARY | |
| cat vulnerability-check.report >> $GITHUB_STEP_SUMMARY | |
| # Check if the lint report contains any content (error or issues) | |
| if ! grep -q "No vulnerabilities found." vulnerability-check.report; then | |
| # If the file contains content, output an error message and exit with code 1 | |
| echo "⚠️ Linting issues found!" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| test-release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Dagger Version | |
| uses: sagikazarmark/dagger-version-action@v0.0.1 | |
| - name: Test Release | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: snapshot-release | |
| test-code: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run Tests | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-report export --path=TestReport.json | |
| - name: Summarize Tests | |
| uses: robherley/go-test-action@v0.6.0 | |
| with: | |
| fromJSONFile: TestReport.json | |
| - name: Run Test Coverage Report | |
| if: github.event_name == 'pull_request' | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-coverage-report export --path=coverage-report.md | |
| - name: Add coverage to step summary | |
| if: github.event_name == 'pull_request' | |
| run: cat coverage-report.md >> $GITHUB_STEP_SUMMARY | |
| - name: Run Test Coverage | |
| if: github.event_name == 'pull_request' | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: test-coverage export --path=coverage.out | |
| - uses: codecov/codecov-action@v5 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| verbose: true | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Build Binary | |
| uses: dagger/dagger-for-github@v7 | |
| with: | |
| version: ${{ steps.dagger_version.outputs.version }} | |
| verb: call | |
| args: build-dev --platform linux/amd64 export --path=./harbor-dev | |
| push-latest-images: | |
| needs: | |
| - lint | |
| - test-code | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Print GitHub ref for debugging | |
| run: | | |
| echo "GitHub ref: $GITHUB_REF" | |
| - name: Checkout repo | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main') | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish and Sign Snapshot Image | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main') | |
| uses: ./.github/actions/publish-and-sign | |
| with: | |
| IMAGE_TAGS: latest | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }} | |
| REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }} | |
| publish-release: | |
| needs: | |
| - lint | |
| - test-code | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/')) | |
| steps: | |
| - name: Checkout repo | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Checkout repo | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/')) | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Push images | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/')) | |
| uses: ./.github/actions/publish-and-sign | |
| with: | |
| IMAGE_TAGS: latest, ${{ github.ref_name }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }} | |
| REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }} | |
| - name: Create Release | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/')) | |
| uses: dagger/dagger-for-github@v7 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: "latest" | |
| verb: call | |
| args: "release --github-token=env:GITHUB_TOKEN" | |
| - name: Publish and Sign Tagged Image | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/')) | |
| uses: ./.github/actions/publish-and-sign | |
| with: | |
| IMAGE_TAGS: "latest, ${{ github.ref_name }}" | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} | |
| REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }} | |
| REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }} |